You really only need to grab this step:

- Enumerate any users in DomainB whose sIDHistory collection contains one or 
more of any of the above cumulative SIDs.

SIDHistory in DomainA has the SID of the group in DomainB. You need to find 
anyone who is a member of the group in DomainB. That will give them implicit 
access via SIDHistory. Everyone else just gets the access via normal group 
membership in the DomainA group.


Thanks,
Brian Desmond

w - 312.625.1438 | c - 312.731.3132

From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Joseph L. Casale
Sent: Thursday, March 30, 2017 5:05 PM
To: ntsysadm@lists.myitforum.com
Subject: [NTSysADM] SID history report


Hey guys,
I am trying to automate a report that a user has been instructed to reproduce 
on a continued basis.

Given a group "GroupA" in DomainA, I need to enumerate all users who have 
access implicitly through sIDHistory. Off the top of my head, does this miss 
anything:



- Enumerate all members of GroupA in DomainA recursively.
    - Explicit users.
    - Members implied through explicit group membership (recursively as well).
- Enumerate any users in DomainA whose sIDHistory collection contains one or 
more of any of the above SIDs.
- Enumerate any users in DomainB whose sIDHistory collection contains one or 
more of any of the above cumulative SIDs.



Does that cover it?

Thanks,
jlc
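
The enumeration steps listed in the question above, as an added PowerShell example that is not part of the original thread. It assumes the ActiveDirectory module, read access to both domains, and placeholder DC names (`dc1.domaina.example`, `dc1.domainb.example`); the function name `Get-SidHistoryAccessReport` is hypothetical, and "the above SIDs" is taken to mean the SIDs of GroupA and of everything nested in it.

```powershell
# Added example, not from the thread. DC names are placeholders (assumptions).
Import-Module ActiveDirectory

function Get-SidHistoryAccessReport {   # hypothetical helper name
    param(
        [string]$GroupName = 'GroupA',
        [string]$GroupServer = 'dc1.domaina.example',
        [string[]]$SearchServers = @('dc1.domaina.example', 'dc1.domainb.example')
    )

    # Step 1: GroupA plus every user and group nested in it. The matching rule
    # OID is LDAP_MATCHING_RULE_IN_CHAIN, which walks nesting on the DC.
    # Assumes the group DN has no characters that need LDAP filter escaping.
    $group   = Get-ADGroup -Identity $GroupName -Server $GroupServer
    $filter  = "(memberOf:1.2.840.113556.1.4.1941:=$($group.DistinguishedName))"
    $members = Get-ADObject -Server $GroupServer -LDAPFilter $filter -Properties objectSid

    $sids = New-Object 'System.Collections.Generic.HashSet[string]'
    [void]$sids.Add($group.SID.Value)
    foreach ($m in $members) {
        if ($m.objectSid) { [void]$sids.Add($m.objectSid.Value) }
    }

    # Steps 2 and 3: in each domain, report users whose sIDHistory holds any
    # collected SID. Only accounts that have a sIDHistory value are fetched.
    foreach ($server in $SearchServers) {
        $users = Get-ADUser -Server $server -LDAPFilter '(sIDHistory=*)' -Properties sIDHistory
        foreach ($u in $users) {
            $hits = @($u.sIDHistory | ForEach-Object { $_.Value } |
                      Where-Object { $sids.Contains($_) })
            if ($hits.Count -gt 0) {
                [pscustomobject]@{
                    Server            = $server
                    SamAccountName    = $u.SamAccountName
                    DistinguishedName = $u.DistinguishedName
                    MatchedSids       = $hits -join ';'
                }
            }
        }
    }
}

Get-SidHistoryAccessReport | Export-Csv -Path .\sidhistory-report.csv -NoTypeInformation
```

The in-chain `memberOf` search does not return accounts that hold the group only as their primary group, so those need a separate `primaryGroupID` check if GroupA can be used that way.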

